For each sidechain ID, for each mainchain block, at most one sidechain
block header may be published. In addition, the sidechain block header
published on the mainchain blocks may only be published by the stake
lottery winner from the end of the previous block.
What happens if the stake winner disappears? It seems, in your scheme, that
this would cause progress to come to a screeching halt.
Our weak mitigation against a mainchain miner >50% attack is weakened
further; now the mainchain miner with 51% hashpower need only block the
creation of sidechain mainstake UTXOs except its own, and eventually the
other mainstake UTXOs will time out and the miner can outright steal
Can we not nest mainstake outputs in p2wsh/p2sh scripts to mitigate this?
This means that they cannot block the creation of mainstake utxos -- but I
guess they would still be able to block the spends of this utxo.
Another thing that is problematic with using a p2sh output is 'relocking'
the stake. Unfortunately if the p2sh script hash's aren't identical I don't
think we can guarantee they didn't spend the stake to a non stake output.
If the script hash's *are* identical then the miner can censor the
transaction that re-locks the output.
Perhaps there is a hybrid that would work, however it depends on what you
mean by 'creation'. If it is just the *initial* creation of the utxo -- and
not subsequent OP_STAKEVERIFY change outputs -- I think this strategy might
work. You just won't be able to participate in the lottery while the utxo
is nested inside the p2sh output initially.
This also brings back the problem above -- what if a stake winner
disappears -- or a miners creates the illusion they disappeared via
censorship? I guess a miner would be losing out on transaction fees.
On Fri, Sep 22, 2017 at 8:49 PM, ZmnSCPxj via bitcoin-dev <
Good morning bitcoin-dev,
I have yet another sidechain proposal: https://zmnscpxj.github.io/
1. While a 51% mainchain miner theft is still possible, it will take even
longer than in drivechains (either months of broadcasting intent to steal
before the theft, or locking funds that are likely to remain locked after a
2. A 26% anti-sidechain miner cannot completely block all sidechain
withdrawals as they could in drivechains.
3. Outside of attacks and censorship, the economic majority controls
sidechains, without going through miners as "representatives of the
4. With sufficient cleverness (stupidity?), proof-of-stake can be made to work.
I hope for your consideration. I suspect that I have not thought things
out completely, and probably missed some significant flaw.
bitcoin-dev mailing list